VMware Driver Vulnerability in OpenStack Compute by OpenStack
CVE-2014-2573

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
25 March 2014

Summary

The VMware driver in OpenStack Compute (Nova) versions 2013.2 to 2013.2.2 is susceptible to an improper handling of virtual machine (VM) states. This vulnerability can be exploited by authenticated users who can manipulate the state of a VM by placing it into RESCUE status. Once in this state, users can bypass imposed quota limits and potentially lead to a denial of service by repeatedly requesting the VMs to be put into rescue mode and subsequently deleting the associated images. This manipulation opens the potential for resource consumption issues within the OpenStack environment.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.